Changeset - 93d485d7dc7b
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 10 days ago 2024-09-09 14:04:48
branko@majic.rs
MAR-218: Undo removal of explicitly specifying Python interpreter:

- Ansible will produce warnings if the interpreter path is not
specified explicitly.
1 file changed with 1 insertions and 0 deletions:
docs/usage.rst
1
0 comments (0 inline, 0 general)
docs/usage.rst
Show inline comments
 
@@ -143,96 +143,97 @@ packages, and to prepare the environment a bit on the Ansible server:
 

			




	
	
	
		
 

			




	
	
	
		
 
Cloning the *Majic Ansible Roles*

			




	
	
	
		
 
---------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
With most of the software pieces in place, the only missing thing is the Majic

			




	
	
	
		
 
Ansible Roles:

			




	
	
	
		
 

			




	
	
	
		
 
1. Clone the git repository::

			




	
	
	
		
 

			




	
	
	
		
 
     git clone https://code.majic.rs/majic-ansible-roles ~/majic-ansible-roles

			




	
	
	
		
 

			




	
	
	
		
 
2. Checkout the correct version of the roles::

			




	
	
	
		
 

			




	
	
	
		
 
     cd ~/majic-ansible-roles/

			




	
	
	
		
 
     git checkout -b 8.0-dev 8.0-dev

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Preparing the basic site configuration

			




	
	
	
		
 
--------------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
Phew... Now that was a bit tedious and boring... But at least you are now ready

			




	
	
	
		
 
to set-up your own site :)

			




	
	
	
		
 

			




	
	
	
		
 
First of all, let's set-up some basic directory structure and configuration:

			




	
	
	
		
 

			




	
	
	
		
 
1. Create Ansible configuration file.

			




	
	
	
		
 

			




	
	
	
		
 
   .. warning::

			




	
	
	
		
 
      Since Ansible 2.x has introduced much stricter controls over security of

			




	
	
	
		
 
      deployed Python scripts, it is recommended (as in this example) to use the

			




	
	
	
		
 
      ``pipelining`` option (which should also improve performance). This is in

			




	
	
	
		
 
      particular necessary in cases where the SSH user connecting to remote

			




	
	
	
		
 
      machine is *not* ``root``, but there are tasks that use ``become`` with

			




	
	
	
		
 
      non-root ``become_user`` (which is the case in Majic Ansible Roles). See

			




	
	
	
		
 
      `official documentation

			




	
	
	
		
 
      <https://docs.ansible.com/ansible/latest/become.html#becoming-an-unprivileged-user>`_

			




	
	
	
		
 
      and other alternatives to this.

			




	
	
	
		
 

			




	
	
	
		
 
   :file:`~/mysite/ansible.cfg`

			




	
	
	
		
 

			




	
	
	
		
 
   ::

			




	
	
	
		
 

			




	
	
	
		
 
     [defaults]

			




	
	
	
		
 

			




	
	
	
		
 
     roles_path=/home/ansible/majic-ansible-roles/roles:/home/ansible/mysite/roles

			




	
	
	
		
 
     force_handlers = True

			




	
	
	
		
 
     inventory = /home/ansible/mysite/hosts

			




	
	
	
		
 
     interpreter_python = /usr/bin/python3

			




	
	
	
		
 

			




	
	
	
		
 
     [ssh_connection]

			




	
	
	
		
 
     pipelining = True

			




	
	
	
		
 

			




	
	
	
		
 
2. Create directory where retry files will be stored at (so they woudln't

			




	
	
	
		
 
   pollute your home directory)::

			




	
	
	
		
 

			




	
	
	
		
 
     mkdir ~/mysite/retry

			




	
	
	
		
 

			




	
	
	
		
 
3. Create the inventory file.

			




	
	
	
		
 

			




	
	
	
		
 
   :file:`~/mysite/hosts`

			




	
	
	
		
 

			




	
	
	
		
 
   ::

			




	
	
	
		
 

			




	
	
	
		
 
     [preseed]

			




	
	
	
		
 
     localhost ansible_connection=local

			




	
	
	
		
 

			




	
	
	
		
 
     [communications]

			




	
	
	
		
 
     comms.example.com

			




	
	
	
		
 

			




	
	
	
		
 
     [web]

			




	
	
	
		
 
     www.example.com

			




	
	
	
		
 

			




	
	
	
		
 
     [backup]

			




	
	
	
		
 
     bak.example.com

			




	
	
	
		
 

			




	
	
	
		
 
4. Create a number of directories for storing playbooks, group

			




	
	
	
		
 
   variables, SSH keys, X.509 artefacts (for TLS), and GnuPG keyring

			




	
	
	
		
 
   (we'll get to this later)::

			




	
	
	
		
 

			




	
	
	
		
 
     mkdir ~/mysite/playbooks/

			




	
	
	
		
 
     mkdir ~/mysite/group_vars/

			




	
	
	
		
 
     mkdir ~/mysite/ssh/

			




	
	
	
		
 
     mkdir ~/mysite/tls/

			




	
	
	
		
 
     mkdir ~/mysite/gnupg/

			




	
	
	
		
 

			




	
	
	
		
 
5. Create SSH private/public key pair that will be used by Ansible for

			




	
	
	
		
 
   connecting to destination servers, as well as for some roles::

			




	
	
	
		
 

			




	
	
	
		
 
     ssh-keygen -f ~/.ssh/id_rsa -N ''

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Protecting communications using TLS

			




	
	
	
		
 
-----------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
In order to protect the communications between users and servers, as

			




	
	
	
		
 
well as between servers themselves, it is important to set-up and

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2024 by various authors & licensed under GPLv3.